EXAMINER'S ANSWER



This is in response to the appeal brief filed 10 June 2008 appealing from the 
Office action mailed 29 October 2007.

(1) Real Party in Interest

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection 
contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct.

(7) Claims Appendix

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

5,787,428 HART 7-1998 

5,859,966 HAYMAN 1-1999 

2002/0143735 AYI 10-2002 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

DETAILED ACTION 

Declarations under 37 CFR 1.131 

1. Appellants submitted the declarations under 37 CFR 1.131 to swear behind the
Ayi reference. However, the declarations are not sufficient to overcome the Ayi 
reference for the following reasons: 

2. The evidence submitted is insufficient to establish a reduction to practice of the 
invention from a date prior to the date of reduction to practice of the Ayi reference to 
either a constructive reduction to practice or an actual reduction to practice. A general 
allegation that the invention was completed prior to the date of the reference is not 



Application/Control Number: 10/006,543 Page 4 

Art Unit: 2164 

sufficient. Ex parte Saunders, 1883 C.D. 23, 23 O.G. 1224 (Comm'r Pat. 1883).
Similarly, a declaration by the inventors to the effect that their invention was conceived
or reduced to practice prior to the reference date, without a statement of facts
demonstrating the correctness of this conclusion, is insufficient to satisfy 37 CFR 1.131.
See also MPEP §715.07. 

3. The affidavit or declaration and exhibits must clearly explain which facts or data 
applicant is relying on to show completion of his or her invention prior to the particular 
date. Vague and general statements in broad terms about what the exhibits describe 
along with a general assertion that the exhibits describe a reduction to practice 
"amounts essentially to mere pleading, unsupported by proof or a showing of facts" and, 
thus, does not satisfy the requirements of 37 CFR 1.131(b). In re Borkowski, 505 F.2d 
713, 184 USPQ 29 (CCPA 1974). Applicant must give a clear explanation of the exhibits
pointing out exactly what facts are established and relied on by applicant. 505 F.2d at 
718-19, 184 USPQ at 33. See also In re Harry, 333 F.2d 920, 142 USPQ 164 (CCPA
1964) (Affidavit "asserts that facts exist but does not tell what they are or when they
occurred."). See MPEP §715.07.

4. For example, in the independent claim 1, limitations "receiving, within a database 
management system... ", "determining which policies..." and "for each operation in the 
operation set..." correspond to which part(s) of the Appellants' Exhibits. Similar 
comments from the above also apply to claims 6, 21, and 26.

5. On page 3 of Applicant's Response filed on 08 September 2006, Applicant
indicated that it is difficult to show the steps of "determining which policies..." and
"determining whether to perform the operation". It is submitted that without 
correlating the limitations of at least the independent claims to Applicant's Exhibits, the 
Applicant has failed to show possession of the claimed invention. 

MPEP 715.02 

6. The 37 CFR 1.131 affidavit or declaration must establish possession of either the 
whole invention claimed or something falling within the claim. If the affidavit contains 
facts showing a completion of the invention commensurate with the extent of the 
invention as claimed is shown in the reference or activity, the affidavit or declaration is 
sufficient, whether or not it is a showing of the identical disclosure of the reference or 
the identical subject matter involved in the activity. See In re Wakefield, 422 F.2d 897, 
164 USPQ 636 (CCPA 1970).

7. Further, Office Policy for Actual Reductions to Practice under 37 CFR 1.131
states: 

a. Testing is required unless operativeness of invention is readily apparent;

b. Testing, if required, must be under actual working conditions or realistic 
simulation of working conditions; 

c. Test results must be repeatable. 
See MPEP §2138.05.

8. Appellants indicated that the Exhibits do not provide the actual code and
therefore it is not possible to show, via the Exhibits, certain features of the claims, such 
as the steps of "determining which policies..." and "determining whether to perform the 
operation..." as recited in claim 1. 

In response, the examiner cannot determine whether or not the reduced to 
practice invention is commensurate with the claims without the nexus between the 
claim and the Exhibit. As a result, the Examiner has no basis to approve the 
affidavit. Therefore, the burden is on applicant to provide the necessary facts and 
evidence to make this showing (MPEP 715.07). 

9. Accordingly, Appellants have not established prior invention. The rejection is 
maintained. 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made.

This application currently names joint inventors. In considering patentability of
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

11. Claims 1-5 and 21-25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ayi et al. (hereinafter "Ayi", Pub. No.: US 2002/0143735) in view of Hart 
(5,787,428). 

As per claim 1, Ayi teaches a method for managing access to data in a database
subject to a plurality of label-based security policies, the method comprising the steps
of:

receiving, within a database management system, a request for performing an
operation set of one or more operations on data in a table of the database (Ayi, page 1,
[0006] - [0008]);

determining which policies, of the plurality of label-based policies, apply to the
table based on a policy set of one or more policies associated with the table (Ayi, page
1, [0006] - [0008]).

Ayi discloses determining whether to perform an operation/access on a dataset
based on the label associated with the dataset (Ayi, page 1, [0006]).

Ayi does not explicitly disclose whether to perform the operation on a row, of the 
table. Hart teaches determining whether to perform the operation on a row of the table 
based on a set of labels associated with the row (Hart, Fig. 4-8, col. 6, lines 5-19). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the access control system of Ayi by incorporating 
determining whether to perform the operation on a row of the table based on a set of 
labels associated with the row as disclosed by Hart (Hart, Fig. 4-8, col. 6, lines 5-19). 
The motivation being to provide different security level and access management for 
different rows in the table. 

As per claim 2, Ayi and Hart teach all the claimed subject matters as discussed in 
claim 1, and further teach adding a policy column to the table for each policy in the 
policy set associated with the table (Hart, Fig. 4). 

As per claim 3, Ayi and Hart teach all the claimed subject matters as discussed in 
claim 2, and further teach storing a label, of the set of labels associated with the row, 
in a corresponding policy column of the row (Hart, Fig. 4).

As per claim 4, Ayi and Hart teach all the claimed subject matters as discussed in
claim 2, and further teach said step of determining which policies apply further 
comprising the step of determining whether a column is a policy column (Hart, Fig. 4-8, 
col. 6, lines 5-19). 

As per claim 5, Ayi and Hart teach all the claimed subject matters as discussed in 
claim 1, and further teach the policy set associated with the table includes two or more
policies of the plurality of label-based policies (Ayi, page 1, [0006]-[0008], Hart, Fig.
4-8). 

Claims 21-25 are rejected on grounds corresponding to the reasons given above 
for claims 1-5. 

12. Claims 6-20 and 26-40 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hayman et al. (hereinafter "Hayman", 5,859,966) in view of Ayi et al. 
(hereinafter "Ayi", Pub. No.: US 2002/0143735 A1). 

As per claim 6, Hayman discloses a method for managing access to data in on a 
policy set of one or more label-based security policies, the method comprising the steps 
of: 

registering one or more packages of routines, wherein each package of said one 
or more packages implements a security model that supports a model set of one or 
more policies of the policy set and said each package includes an access mediation
routine (Hayman, col. 8, line 67 - col. 9, line 14, col. 9, line 56 - col. 10, line 4, Hayman
teaches incorporation and installation of security software, which inherently includes
registering one or more packages of routines);

associating a first policy of a first model set in a first package with an object 
(Hayman, col. 5, lines 18-60, Hayman teaches labels/policies are applied to each 
object. Please note the labels are plural, which inherently includes a first policy, a 
second policy, etc); and 

invoking the access mediation routine in the first package to determine whether
to allow operation on data based on the first policy (Hayman, col. 3, line 44 - col. 4, line 
50, col. 9, line 55 - col. 10, line 4). 

Hayman teaches the security policy is applied to an object, however, Hayman 
does not explicitly disclose the object is a first table within the database system. Ayi 
teaches applying labels to tables in the database system (Ayi, page 1, [0006]-[0008]).

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the security system of Hayman by applying the 
labels/policies to tables in the database system as disclosed by Ayi. The motivation 
being to control access to the data in a table of the database system. 

As per claim 7, Hayman and Ayi teach all the claimed subject matters as discussed 
in claim 6, and further teach forming said each package of said one or more
packages so that the access mediation routine conforms to a specified interface for
enforcing a policy in the database management system (Hayman, col. 9, lines
1-13).

As per claim 8, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 7, and further teach said each package further comprising including 
one or more administrative routines for defining a policy for the model set (Hayman, col. 
9, line 55 - col. 10, line 4). 

As per claim 9, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 8, and further teach one or more administrative routines for defining 
a policy further comprising including one or more administrative routines for defining a 
name for a particular policy; labels for the particular policy; descriptions for the labels; 
and properties for the labels (Hayman, col. 5, lines 18-60).

As per claim 10, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach invoking an administrative routine of the first 
package for defining the first policy (Hayman, col. 3, lines 43-49; col. 4, lines 5-13; col. 
5, lines 18-60). 

As per claim 11, Hayman and Ayi teach all the claimed subject matters as
discussed in claim 10, and further teach invoking the administrative routine of the first
package further comprising providing to the administrative routine of the first package a
plurality of parameters including a policy name for the first policy and a plurality of label 
names for labels of the first policy (Hayman, col. 4, lines 5-13; col. 5, lines 18-60, col. 6, 
lines 45-67). 

As per claim 12, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach in response to attempts to operate on data in a 
row in the table, the step of determining that the first policy applies to the table 
(Hayman, col. 5, lines 25-39, Ayi, page 1, [0006]-[0008]). 

As per claim 13, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach associating a second policy of a second model 
set in a second package with a second table within the database system; and invoking 
the access mediation routine in the second package for determining whether to allow 
operation on data in the second table based on the second policy (Ayi, page 1,
[0006]-[0008]). 

As per claim 14, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 13, and further teach the second model in the second package is the 
same as the first model in the first package (Hayman, col. 5, lines 25-60, Ayi, page 1,
[0006]-[0008]).

As per claim 15, Hayman and Ayi teach all the claimed subject matters as
discussed in claim 13, and further teach the second model in the second package is
different from the first model in the first package (Hayman, col. 5, lines 25-60, Ayi, page
1, [0006]-[0008]).

As per claim 16, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 13, and further teach the second table is the same as the first
table (Hayman, col. 5, lines 25-60, Ayi, page 1, [0006]-[0008]).

As per claim 17, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 13, and further teach the second table is different from the first table 
(Hayman, Col. 5, lines 25-60, Ayi, page 1, [0006]-[0008]). 

As per claim 18, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach invoking the access mediation routine in the first 
package further comprising providing data indicating the first policy to the access
mediation routine (Hayman, Col. 9, line 55 - Col 10, line 4). 

As per claim 19, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach the method further comprises the step of 
determining a set of allowed labels for the first policy for a user of the database 
management system; said step of invoking the access mediation routine is performed
during said step of determining the set of allowed labels; and the user is allowed to
operate on the data according to the first policy if the data is associated with a label for 
the first policy and the label is included in the set of allowed labels for the first policy 
(Hayman, Col. 5, lines 25-60, col. 9, line 55 - Col. 10, line 4). 

As per claim 20, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 19, and further teach storing the set of allowed labels in a session 
cache for a communication session between the database management system and the 
user (Hayman, Col. 8, lines 54-67, Ayi, page 1, [0006]-[0008]). 

Claims 26-40 are rejected on grounds corresponding to the reasons given above 
for claims 6-20. 

(10) Response to Argument 
Arguments A: 

1. Declaration and exhibits submitted under 37 C.F.R. §1.131

2. The evidence submitted under 37 C.F.R. §1.131 is sufficient to establish a 
reduction to practice of the invention prior to the effective date of Ayi. 

Appellants argue that it is the Examiner's position that the evidence submitted 
under 37 C.F.R. § 1.131 is insufficient to establish an actual reduction to practice of the
invention, according to Claims 1-5 and 21-25, prior to the effective date of Ayi (page 2).
The Examiner contends that the subject declaration (a) amounts to a general allegation 
and (b) lacks a statement of the facts demonstrating the correctness of the declaration, 
by the inventors, that the invention was reduced to practice prior to the effective date of 
Ayi (page 2). It is respectfully submitted that this is incorrect. 



In response to the preceding arguments, Examiner respectfully submits that the 
evidence submitted is insufficient to establish a reduction to practice of the invention 
from a date prior to the date of reduction to practice of the Ayi reference. 



MPEP 715.02 states: 

The 37 CFR 1.131 affidavit or declaration must establish possession of 
either the whole invention claimed or something falling within the claim. If 
the affidavit contains facts showing a completion of the invention 
commensurate with the extent of the invention as claimed is shown in the 
reference or activity, the affidavit or declaration is sufficient, whether or not 
it is a showing of the identical disclosure of the reference or the identical 
subject matter involved in the activity. See In re Wakefield, 422 F.2d 897, 
164 USPQ 636 (CCPA 1970).



On page 3 of Appellants' Response filed on 08 September 2006, Appellants 
indicated that it is difficult to show the steps of "determining which policies..." and
"determining whether to perform the operation". It is submitted that without 
correlating the limitations of at least for the independent claims to Appellants' Exhibits, 
the Appellants have failed to show possession of the claimed invention.

Appellants repeatedly indicate that the Examiner has failed to point out where
the MPEP requires that limitations of the claims must be correlated to exhibits.



In response to the preceding arguments, Examiner respectfully submits that 
in actions dated from July 19, 2006 to October 29, 2007, the Examiner has spelled 
out very clearly that MPEP 715.02 requires that the affidavit or declaration must establish
possession of claimed invention. As such, in order to show possession of the 
claimed invention it is necessary to correlate the exhibits to the claimed limitations 
to facilitate evidence finding. The examiners cannot be expected to search the 
entire record for the evidence, the difference lies in the way in which the 
evidence is presented (MPEP 715.05). Without pointing out which parts of the
exhibit are being relied upon, the submitted Declaration would not be convincing
evidence to knock down the prima facie case.



MPEP 715.07 

The affidavit or declaration and exhibits must clearly explain which facts or data 
applicant is relying on to show completion of his or her invention prior to the 
particular date. Vague and general statements in broad terms about what the 
exhibits describe along with a general assertion that the exhibits describe a 
reduction to practice "amounts essentially to mere pleading, unsupported by 
proof or a showing of facts" and, thus, does not satisfy the requirements of 37 
CFR 1.131(b). In re Borkowski, 505 F.2d 713, 184 USPQ 29 (CCPA 1974). 
Applicant must give a clear explanation of the exhibits pointing out exactly
what facts are established and relied on by applicant. 505 F.2d at 718-19,
184 USPQ at 33. See also In re Harry, 333 F.2d 920, 142 USPQ 164 (CCPA
1964) (Affidavit "asserts that facts exist but does not tell what they are or when
they occurred.").

Appellants further argue that in support of the Patent office policy for actual
reductions to practice which states: 

Testing is required unless operativeness of invention is readily apparent; 

Testing, if required, must be under actual working conditions or realistic 
simulation of working conditions; 

Test results must be repeatable. 

The Examiner cites MPEP 2138.05; however, § 2138.05 pertains to interference 
proceedings and 37 CFR 1.131 does not apply in interference proceedings.

In response to the preceding arguments, Examiner respectfully submits that
reduction to practice occurs in other context as well, such as 37 CFR 1.131 and not just
for interference proceedings.

§ 2138 states:

35 U.S.C. 102(g) issues such as conception, reduction to practice and diligence, 
while more commonly applied to interference matters, also arise in other 
contexts. 



Arguments B: 

Claims 6-20 and 26-40 stand rejected under 35 U.S.C. § 103(a) as allegedly 
being unpatentable over Hayman in view of Ayi.

1. Claims 6 and 26

Appellants argue that neither Hayman nor Ayi taught the feature of claims 6 and 
26 which require that after a policy of a package is associated with a table, an access 
mediation routine of that same package is invoked to determine whether an operation is 
allowed on data of that table. 

In response to the preceding arguments, Examiner respectfully submits that it is 
recognized that Hayman teaches associating a policy with an object but not a table. As 
such, Ayi is brought in to supplement the feature "associating the policy to the table". 
Ayi teaches "associating a first policy of a first model set in a first package with a first 
table within the database system" as defining a set of rules that establish a policy and 
generating one or more labels based on the defined policy for marking, e.g., tagging, 
the dataset (i.e., table). The defined policy determines the data scope that is 
accessible to each label (Ayi, [0006-0008 and 0064]). 

Hayman further teaches the limitation "invoking the access mediation routine in 
the first package for determining whether to allow operation on data in the first table 
based on the first policy" as the Reference Monitor is the entity that mediates all 
requests for access to an object by a subject, and thus controls whether, and to what 
extent, the subject is granted access to the object. Such a Reference Monitor can be 
found in the earlier version of Data General's security system discussed in the
Background of the Invention above. The various subject-to-object access policies
described above can be implemented by storing various policy data in an Information
Security Policy Table database, which is maintained as part of the Reference Monitor
(col. 9, line 55 - col. 10, line 4).

As a result, the combination of Hayman and Ayi teaches the limitations as 
claimed. 

Appellants further argue that there is no teaching or suggestion in Hayman that 
the Session Monitor, or any component thereof, is associated with a table within a 
database system. 

In response to the preceding arguments, Examiner respectfully submits that the 
Examiner has addressed this argument in the response to Arguments B, 1.
Claims 6 and 26.

Appellants further argue that Hayman fails to teach or suggest that a policy 
module and policy data (1) originate from the same package (2) that is registered with a
database management system. 

In response to the preceding arguments, Examiner respectfully submits that 
Hayman teaches the limitation "registering, with a database management system, one 
or more packages of routines, wherein each package of said one or more packages
implements a security model that supports a model set of one or more policies of the
database policy set and said each package includes an access mediation routine" as 
the various subject-to-object access policies described above can be implemented by 
storing various policy data in an Information Security Policy Table database, which is 
maintained as part of the Reference Monitor (col. 9, lines 61-65). The Session Monitor 
has been designed to be extensible, in the sense that the owner of the security system 
can incorporate their own software to change access mode of a user or administrator, or 
to process authentication transactions before allowing a user or administrator access to 
the system, in either an existing mode or a new mode implemented by the said 
software. In either case, integration with the supplied security system is accomplished 
by writing the new software to function against interfaces delivered as part of the 
security system, following policy guidelines also included with the security system. After 
installation of said new software, administration of the new access mode function(s) 
and/or the new authentication function(s) is accomplished in the same way, using the 
same mechanisms, as administration of the access modes and authentication 
method(s) delivered with the original security system (col. 8, line 67 - col. 9, line 13). 

Appellants continue to argue that Hayman does not teach or suggest that a label 
is registered with a database management system. 

In response to Appellants' argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which Appellants
rely (i.e., "label is registered with a database management system") are not recited in
the rejected claim(s). Although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

2. Claims 7-20 and 27-40 
a. Claim 8 

Appellants further argue that Hayman does not teach or suggest the 
recited administrative routines, which are included in a package and are for 
defining the first policy. 

In response to the preceding arguments, Examiner respectfully submits 
that Hayman teaches the limitation "administrative routines, which are included in a 
package and are for defining the first policy" as the security system of the invention 
basically involves breaking up the totality of computer functions into required privileges 
and assigning different privileges to each user depending on the particular job which 
that user is to do on the computer system. Also, security labels are placed on each 
data file or other system resource, and on each user process. A hierarchy of labels is 
created ranging from highly secret to commonly accessible and strict policies are 
enforced by the security system based on these labels to determine who has what type 
of access to which data files or other system resource. According to the invention, a 
range of these labels is assigned to a particular user process to define a clearance
range in which the process is allowed to operate. Further, the hierarchy of labels is
divided into a small number (for example 3) of regions, and a user process operating
on one region is generally not allowed to access another region except in a very
carefully proscribed manner (col. 1, line 54 - col. 2, line 8).

Hayman further teaches that, to allow the security policy enforced by the system to be
configurable by each site to meet its individual requirements, privilege checks are done
by means of "events". An event is defined as a place in the code where a
security-relevant decision is made or recorded. When the system needs to check whether a
process should be allowed to perform some operation, it uses the unique event name 
defined for that particular privilege check to look up, in a table, the capability or 
capabilities which the process must possess to pass the check. By providing a 
mechanism for individual sites to modify the event name-to-capability table, the site 
can configure the system to enforce their own security policy, in addition to, or instead 
of, the supplied event/capability policy delivered with the security system (col. 4, lines 
5-13). 

Based on the above, Hayman teaches administrative routines, which are 
included in a package and are for defining the first policy. 



b. Claims 10 and 30

Appellants argue that nothing in the cited portion may be equated to the
recited "first package" of claim 10. Thus, this cited portion fails to teach or 
suggest anything related to a routine of a package, much less a routine "for 
defining the first policy". 

In response to the preceding arguments, Examiner respectfully submits 
that Hayman's system is directed to a security system which precisely controls
who has access to a computer system and the system's resources (col. 1, lines
5-10). Hayman teaches "invoking an administrative routine of the first package
for defining the first policy" as the security system's ability to allow checks to be
placed on a process concerning exactly which operations it can perform.
According to the invention, further checks can be placed on a subject's access to 
particular objects. According to well-known Mandatory Access Control (MAC) 
theory, labels are applied to each object and each subject (col. 5, lines 20-26). 
Hayman further teaches security labels are placed on each data file or other 
system resource, and on each user process. A hierarchy of labels is created 
ranging from highly secret to commonly accessible and strict policies are enforced 
by the security system based on these labels to determine who has what type of 
access to which data files or other system resource. According to the invention, a 
range of these labels is assigned to a particular user process to define a clearance 
range in which the process is allowed to operate (col. 1, line 63 - col. 4, line 4).

Appellant's broadly claimed "first package" is interpreted as any software
routine or module. As such, Hayman's system provides software routines that
implement strict policies on the labels to determine who has what type of access
to which data files or other system resource (col. 1, lines 63 - col. 4, line 1) reads
on the claimed limitation "a first package for defining the first policy".

c. Claims 11 and 31 

Hayman fails to teach or suggest anything related to a package that 
includes an administrative routine for defining a policy. 

In response to the preceding arguments, Examiner has addressed this 
argument in response to arguments b) claims 10 and 30 and claim 8. 

d. Claims 13 and 33 

Hayman lacks any teaching or suggestion of the recited second package, 
which includes a policy and an access mediation routine for determining, based 
on that policy, whether to allow an operation on data in a table. 

In response to the preceding arguments, Examiner respectfully submits 
that Hayman teaches "...second package, which includes a policy and an access 
mediation routine for determining, based on that policy, whether to allow an 
operation on data in a table" as the Reference Monitor is the entity that mediates 
all requests for access to an object by a subject, and thus controls whether, and 
to what extent, the subject is granted access to the object. Such a Reference 
Monitor can be found in the earlier version of Data General's security system 
discussed in the Background of the Invention above. The various 
subject-to-object access policies described above can be implemented by storing various 
policy data in an Information Security Policy Table database, which is maintained 
as part of the Reference Monitor (col. 9, line 55 - col. 10, line 4). Hayman's 
system further teaches software routines that implement strict policies on the 
labels to determine who has what type of access to which data files or other 
system resource (col. 1, lines 63 - col. 4, line 1). Hayman teaches associating a 
policy with an object but not with a table. Ayi is brought in to supplement the feature 
"associating the policy to the table". Ayi teaches "... allow operation on data in 
the second table based on the second policy" as defining a set of rules that 
establish a policy and generating one or more labels based on the defined policy 
for marking, e.g., tagging, the dataset (i.e., table). The defined policy determines 
the data scope that is accessible to each label (Ayi, [0006-0008 and 0064]). As a 
result, Hayman and Ayi teach the limitations as claimed. 

e. Claims 20 and 40 

Both Hayman and Ayi fail to suggest that the recited set of allowed labels 
are stored in a session cache. 

In response to the preceding arguments, Examiner respectfully submits 
that Hayman teaches "labels are stored in a session cache" as the Session 
Monitor is the part of the security system which controls the manner in which a 
user or administrator initially gains access to the computer system, and the 
manner in which a user or administrator changes from their current mode of 
access to a different mode (for example, from user to administrator). The 
Session Monitor also participates in enforcing the security system's containment 
policy by limiting both user and administrator security credentials, no matter what 
their current mode of access, to maximum values established upon the said 
user's or administrator's initial access to the system. The Session Monitor has 
been designed to be extensible, in the sense that the owner of the security 
system can incorporate their own software to change access mode of a user or 
administrator, or to process authentication transactions before allowing a user or 
administrator access to the system, in either an existing mode or a new mode 
implemented by the said software. In either case, integration with the supplied 
security system is accomplished by writing the new software to function against 
interfaces delivered as part of the security system, following policy guidelines 
also included with the security system. After installation of said new software, 
administration of the new access mode function(s) and/or the new authentication 
function(s) is accomplished in the same way, using the same mechanisms, as 
administration of the access modes and authentication method(s) delivered with 
the original security system. The Session Monitor has also been designed 
around the concept that different access modes might require different 
credentials and different authentication procedures. Consequently any one of 
the supported access modes, either originally delivered with the security system 
or written and installed by the owner, may require a different series of 
authentication steps than any other of the said access modes, including 
authentication steps that are processed using software written and installed by 
the owner of the said security system. Similarly, the Session Monitor may assign 
any supported access mode, either originally delivered with the security system 
or written and installed by the owner, a different set of security credentials (col. 8, 
line 55 - col. 9, line 26). 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 



In light of the foregoing arguments, the Examiner respectfully requests the 
Honorable Board of Appeals to sustain the rejections. 



Respectfully submitted, 